Is desktop.ini cause of search redirect?

July 24, 2011 at 07:30:37
Specs: Windows 7

I managed to get a virus on my computer that redirects my search engine results to ads pages. My anti-virus program keeps identifying a file as severely dangerous - C:\Windows\assembly\GAC_MSIL\Desktop.ini. When the antivirus program deletes that file, it always comes back after I restart the computer and Google searches continue to not work. There are a few other glitches that are not normally present on my computer, like the desktop not appearing, Firefox not opening or dropdown menus not dropping, but none of these are consistently present after each restart. The system restore date options only go to my last restart.

So, the questions I have are these:
Is GAC_MSIL\Desktop.ini correctly identified as the root of this problem?
How do I correctly delete it? (Even though I have hidden files and folders viewable right now, I cannot find the GAC_MSIL folder.)

I've tried to research other similar situations, but I cannot find a clear answer, so any help is extremely appreciated.

Cheers!



#1
July 24, 2011 at 09:00:14

elfinsel,

That file has been identified as malware in other cases:
Trojan-Spy.Win32.Agent.blbk C:\WINDOWS\assembly\GAC_MSIL\Desktop.ini

Please do the following:

Run the Kaspersky Virus Removal Tool:
http://www.kaspersky.com/antivirus-...

Double-click the file to run the program.
If running Vista/Windows 7, right-click and select: Run as administrator.

When it starts, to the right of 'Security Level' click 'Recommended', and select: Settings
-In the window that opens (Autoscan), in the ‘Scope’ tab, place a checkmark to the left of: 'Parse email formats'.

-Click the ‘Additional’ tab and click to place a checkmark by ‘RootKit Scan’ and ‘Deep Scan’, then click OK.

Select all the drives to scan, except for CD-ROM drives, and click the ‘Start Scan’ button.

If malware is detected, place a checkmark in the ‘Apply to all’ box, and click the ‘Delete’ button (or 'Disinfect' if the button is active).

After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the ‘Neutralize all’ button.

In the window that opens, place a checkmark in the ‘Apply to all’ box, and click the ‘Delete’ button (or Disinfect if the button is active).

If advised that a special disinfection procedure is required which demands system reboot: click the OK button to close the window.

In the Scan window click the ‘Reports’ button and select ‘Save to file’.
Name the report 'kvrt.txt', and save it to the Desktop.
Close the program.

>>Please copy/paste the report (of Detected malware), and provide in your reply.<<

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


#2
July 24, 2011 at 13:06:16

aaflac44 -
Thanks so much for a quick reply. Since you replied, I've tried using Kaspersky about 10 times and every time the program closes (with no notifications) at some point during the process. Once, it never loaded. Multiple times it just disappeared while scanning. Once, it managed to find the virus and seemed to be deleting it, but the program closed again. It's never made it to any sort of completion. I'll continue to try, since it closes at different points, but do you know of any reason why Kaspersky might keep closing on me?

#3
July 24, 2011 at 13:23:29

elfinsel,

There is a conflict somewhere, or malware is precluding the run, but that is not unusual.

Give this a try instead:

McAfee Stinger:
http://www.mcafee.com/us/downloads/...

Save to the Desktop

If running Vista/Windows 7, right-click and select: Run as administrator.
(if the option is available - if not, double click to run the program)

At the main screen, press: ‘Scan Now’

When done, save the scan results to a log file:
Click: File
Select: Save report to file
Save to the Desktop

Please post the McAfee Stinger report in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


#4
July 24, 2011 at 13:40:01

It closed out too, and, when I just tried again, it said "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

#5
July 24, 2011 at 14:28:26

Press Ctrl Alt Delete or Ctrl Shift Escape to bring up Windows Task Manager
In Task Manager go to File and select: New task (Run…)
In the Create New Tasks prompt, in the Open box type (or copy/paste):

cacls "C:\Windows\explorer.exe" /G Everyone:F

Press: Enter/OK

Restart the computer and see if you can run the program.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


#6
July 26, 2011 at 08:28:04

This still isn't working.

I recently installed Windows 7 and hardly had any new files or programs, all of which I could back up on an external hard drive or reinstall later. I would be totally fine with just reloading Windows 7, but my hard drive right now is almost entirely full, so I can't.


#7
July 26, 2011 at 18:10:01

elfinsel,

Do you have an idea as to when the problem started?

If it is not too far out, try a System Restore to a point in time before the problem began:
http://www.sevenforums.com/tutorial...


When done, please do the following:

Download DDS from one of these locations:
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...


Save it to your Desktop

Disable any script blocker, and then double-click dds.scr to run the tool.

When done, DDS opens two (2) logs:
DDS.txt
Attach.txt
Save both reports to your Desktop.

Since these reports are quite large, please go to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the DDS.txt, and click on 'Open'
You will see the following:
Your file has been uploaded successfully: (Name and size of the file)
Please copy the 'Download link'.

Do the same for the Attach.txt.

Please copy the 'Download link', for each report, and provide them in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.


#8
October 3, 2011 at 07:10:01

Clear the cache files and remove the infected files in safe mode. Also use a system tool to remove the virus.

#9
October 13, 2011 at 00:52:54

You may want to use the free Avira Rescue CD and boot it through the rescue CD to scan for viruses & other security threats. Avira have the highest virus definition at the moment.

http://osandsoftwarehelp.yolasite.c...
Los Beast


#10
November 6, 2011 at 16:29:55

So, how to remove this virus if none of the "greatest" anti viruses can't help?
